Hacked US agency is suspending its IT system

Archuleta rubs her eyes as she testifies before a House Oversight and Government Reform hearing on the data breach of OPM computers, on Capitol Hill in Washington. (Thomson Reuters)

WASHINGTON (Reuters) - The U.S. Office of Personnel Management (OPM) said on Monday it would temporarily suspend a program it uses to complete background investigations, following a data breach that compromised the personal information of millions of Americans.

The program, called Electronic Questionnaires for Investigations Processing (e-QIP), was not involved in either of two attacks by suspected Chinese hackers on personnel data and applications for security clearances, OPM said. The breaches were announced earlier this month.

After a security review ordered by Director Katherine Archuleta found a vulnerability in the system, OPM said it would take e-QIP offline for 4-6 weeks until security can be enhanced.

In a statement, the agency said there was no evidence the vulnerability had been exploited.

But the move amounts to an implicit admission the electronic submission system is vulnerable, and some agencies are considering switching to a more old-school process of submitting data on paper, according to sources familiar with the issue who are unauthorized to speak publicly about it.

The breach has fueled doubts about the centralized electronic system set up to process security clearances after the Sept. 11, 2001, hijacking attacks, and could prompt some intelligence agencies and others to switch back to their own applications, the sources said.

The electronic system is designed to collect massive amounts of personal data, ranging from financial histories to information about relatives, from those undergoing federal background checks. Employees sign in using their Social Security numbers.

Brian Kaveney, who heads the security clearance practice at Armstrong Teasdale, said the move would have serious consequences for companies seeking security clearances for their employees, compounding a logjam caused by mandatory budget cuts in 2013.

"This security measure will doubtlessly increase the processing time of clearance applications and potentially create a backlog, slowing business efforts to deliver classified goods and services to the federal government," Kaveney said in an interview.

"Several federal agencies have worked incredibly hard to reduce the backlog caused by 2013's budget sequestration and other issues, and now we may be facing a similar slowdown caused by security problems."

The announcement follows widespread doubts among lawmakers about Archuleta's ability to lead OPM following the announcement earlier this month of the sweeping breaches.

Archuleta has so far refused to say where the attacks originated or how many people were affected, leading many in Congress to call for her resignation.

The massive data breach is now believed to have affected well over 10 million separate users, the sources said. The Federal Bureau of Investigation has said up to 18 million could have been affected.